Some attack scenarios may include worm-like malware attacks to demonstrate these capabilities.

The scope of a ‘Red-Team’ is not limited to a specific system or IP address; it covers the entire organization the same way an external attacker would. Breaking the perimeter is only the first stage of a ‘Red-Team’ exercise. Hunting down ‘crown jewels’ inside your network while staying undetected is the challenging part. Moving laterally around the network helps organizations test their detection capabilities, security architecture and security systems configurations.

The results of a ‘Red-Team’ exercise are not just another list of vulnerabilities that need to be addressed, but rather a wide and strategic view of the organization’s overall security posture, highlighting its weakest links.

‘Red-Team’ exercises demonstrate in a clear and strategic way the gaps in your organization’s security program, and provide detailed strategies for improvement.

We help organizations prepare for a real-life attack scenario and improve prevention, detection and response time to advanced threats:

INFORMATION GATHERING

Every activity begins with initial Reconnaissance and Threat Analysis phases.
At this preliminary stage, Komodo’s team utilizes the CYSNIFF platform to automatically and methodically collect information about the organization’s attack surface. After gathering the information, Komodo creates a map detailing the results and their analysis, i.e. a list of possible targets and attack vectors, likely attack scenarios, and possible “weakest links”.

CRACKING THE PERIMETER

Based on the generated threat map, Komodo’s team will then try to gain control (at the operating system level) of an internet-facing server/system in the client’s DMZ, by detecting and exploiting application/infrastructure level vulnerabilities.

Social Engineering techniques may be used to exploit the trust of an employee. Such techniques may include ‘Spear Phishing’, tailor-made malware distribution, referral to malicious websites and so forth.

PERSISTENCE, CONTROL & TROPHY HUNT

Once an initial foothold has been established at the operating system level, the team will demonstrate control over a system/server/workstation in the datacenter while continuing to install persistence mechanisms that allow continuous acquisition of resources in the network in the same way an Advanced Persistent Threat (APT) would.